NKBA Website Privacy Notice

This Privacy Notice (the “Privacy Notice”) relates to National Kitchen and Bath Association (“we”, “us”, “our” or “NKBA”) and can be found at the NKBA.org website (the “Site”). We take your privacy very seriously and we ask that you read this Privacy Notice carefully as it contains important information on:

Your rights

The personal information we collect about you

What we do with your information, and

Who your information might be shared with.

The end of this Privacy Notice contains additional information for residents of California, Canada and the European Union.

The Site and all or any portion of these Terms of Use policies are subject to change and your use of the Site following any changes means that you accept the revised policies. If we amend any of these policies, where required by law, we will post the changes at least 30 days before the amendment takes effect. Therefore, please periodically check this page for changes. We will also notify Account holders (as “Account” is defined in the Site’s Terms of Use) when these policies change by sending an email to the email address the Account holders used to log into their Account; when required by law, such notice will identify new provisions and changes relative to the previous provisions, the effective date of the change, and the fact that you may terminate your Account or membership in the NKBA in lieu of accepting the changes.

If you need extra help

If you would like help reading or understanding this notice (e.g., it is difficult for you to read or understand this Privacy Notice in its current font size or format), please contact us.

About Us

The National Kitchen and Bath Association is a non-profit trade group that promotes professionalism in the kitchen and bath industry.

How you can contact us

Please contact us if you have any questions about this Privacy Notice or the information we hold about you.

Write to us at The National Kitchen and Bath Association, 687 Willow Grove St, Hackettstown, NJ 07840;

If in U.S., call us toll-free at (800) THE-NKBA or toll-based at 908-852-0033.

Useful Words and Phrases

Please familiarize yourself with the following words and phrases as they have particular meanings in the EU Data Protection Laws and are used throughout this Privacy Notice:

Personal Data

Means any information from which a living individual can be identified.

This will include information such as telephone numbers, names, addresses, e-mail addresses, photographs, voice recordings. It will also include expressions of opinion and indications of intentions about people (and their own expressions of opinion/intentions).

It will also cover information which on its own does not identify someone but which would identify them if put together with other information which we have or are likely to have in the future.

Special Categories of Personal Data

Means any information relating to:

Racial or ethnic origin;

Political opinions;

Religious beliefs or beliefs of a similar nature;

Trade union membership;

Physical or mental health or condition;

Sexual life; and

Genetic data or biometric data for the purpose of uniquely identifying you.

Process or Processing

This covers virtually anything anyone can do with Personal Data, including:

Obtaining, recording, retrieving, consulting or holding it;

Organizing, adapting or altering it;

Disclosing, disseminating or otherwise making it available; and

Aligning, blocking, erasing or destroying it.

What Information Do We Collect?

We collect different information about Members of the National Kitchen and Bath Association than we do about non-members of the NKBA. We also collect information from visitors to our Site including visitors who purchase products from our NKBA store (“Site Visitors”), and the information we collect from Site Visitors may depend on whether the visitor is a Member or non-Member.

When you register as a Member, we use your Contact Information to manage your NKBA membership, log you into the Site, tailor and personalize your experience when using the Site, monitor Site usage to improve our membership services, and notify you of changes to the rules and policies of the NKBA (such as changes to this Privacy Policy, the NKBA’s By-Laws, or the Site’s Terms of Use). We also use your Contact Information to contact you with information about upcoming NKBA events, a service that you may opt out of at any time. Providing the NKBA with your up to date Contact Information is a condition of membership in the NKBA.

If you are a Member or specifically requested a subscription to NKBA’s newsletter, we also use your Contact Information to send you our newsletter, which contains articles, announcements (e.g., NKBA-sponsored or related events) and other items that the NKBA believes may be of interest to its Members. If you are subscribed to the newsletter, as a Member or otherwise, you may unsubscribe from the newsletter at any time by clicking the relevant unsubscribe link in the email or by contacting us.

Members have the right to post Personal Data to a publicly-accessible page on the Site (“Public Profile Information”). When you opt to display your Contact Information or other Personal Data on your publicly-available profile page on the Site, we store that information for the purpose of allowing Members, Site Visitors, or other third party requesters to find it during a search using the Site’s search functionality (or on occasion with NKBA’s manual assistance), view it in search results, and to view it on your publicly-available profile page.

When you purchase products in the NKBA store, we use your Contact Information for billing and shipping purposes and to send you direct marketing information if you have consented to us sending you such information.

When you visit the Site, the NKBA may use the IP address or Member identification of Site Visitors to store Site navigation information. See the section regarding cookies below for more information. We do not collect any Special Categories of Personal Data and will only store it if you provide it as part of your Public Profile Information. If you include any Special Categories of Personal Data in your Public Profile Information, other Members and Site Visitors may view it.

Personal information about other individuals

If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can.

Why Do We Process Your Data?

We use your Personal Data for the purposes set forth in the section “Personal information provided by you” and the purposes listed in this section. We are allowed to do so on certain legal bases; see the section “How Is Processing Your Personal Data Lawful?”, which provides more detail on how processing your personal data is lawful.

Monitoring and recording communications

We may record communications with you (such as telephone conversations) for the purpose of training and we will advise you on the call if we are recording the call.

Marketing

We may ask you to confirm whether you would like us and other businesses that we specify to send you marketing messages when you tick the relevant boxes when you register as a Member or when you buy products from us in the NKBA store.

If you have consented to receive marketing from us, you can opt out at any time. See ‘Your Rights’ for further information.

Use of cookies and navigation devices

A cookie is a small text file which is placed onto your computer (or other electronic device) when you use the Site. Browsers are typically set to create cookies automatically. You can choose to have your browser notify you when cookies are being written to your computer or accessed, or you can disable cookies entirely. If you do not use cookies, some of the services on the Site may not function properly. To find out more about cookies, visit http://www.aboutcookies.org/.

We use cookies on our Site. We do this to tailor and personalize Member and Site Visitor experience, for authentication and to provide persistent sessions (e.g., keeping Members logged into their account between sessions by storing a hashed code uniquely identifying the Member), and to log technical problems that occur while Site Visitors are using the Site. We may also use cookies to monitor and store, on an anonymized, aggregated or statistical basis: date and time of visit to Site, pages visited on the Site, IP address, browser type and version number (e.g., Internet Explorer 11, Google Chrome 55), platform type (e.g., Windows, Macintosh), referring sites (including search engines used), geographic location, Internet service provider (ISP), screen size, device type (desktop, tablet), new or returning, device type (e.g., MacBook Pro, Samsung Galaxy), and temporary session preferences (e.g., text size, color theme). If you are a Member then we may deduce your navigational behavior on our Site for the purposes of understanding what our Members are interested in and how we can upgrade our Site to accommodate those interests.

Tracking

Do Not Track (“DNT”) is a privacy preference that users can set in their web browsers. When a user turns on DNT, the browser sends a message to websites requesting that they don’t track the user. NKBA does not monitor any privacy preferences stored in DNT and will not therefore respond to or action any Do Not Track preferences that you may log in DNT. For more information about DNT, visit www.allaboutdnt.org.

If you are a Member we monitor your use of our Site through our third-party service providers, so we can both improve our Site and alert you to tasks that you may not have completed on the Site, for example failing to complete a job post in the Members section of the Site.

Third parties (including social media platforms) may collect personal information about your online activities over time and across different websites, including your use of the Site. This Privacy Policy does not apply to, and we are not responsible for, the practices of third parties that collect your personal information.

When Will We Delete Your Data?

The table below provides details about how long we will process your Personal Data.

| Data we process | How long this will be held for |
| --- | --- |
| Your Contact Information and Public Profile Information as a Member | The life of your Membership plus 3 years unless you are a certified Member, in which case we retain the information that is necessary to prove you attained certification. We do this in case you decide to rejoin NKBA as a certified Member. If you request us to delete your certification information after you cease to be a certified Member then we will do so but if you want to rejoin you will have to go through the whole recertification process again. |
| If you purchase products from the NKBA store, your name, address and email address | 3 years from the date of the purchase |

How Is Processing Your Personal Data Lawful?

We are allowed to process your personal data for at least the following reasons and legal basis in accordance with EU Data Protection Law:

Consent

You have given consent, such as opting in. We only send you unsolicited marketing materials if you have consented and opted in.

Contract

It is necessary for the performance of your Membership contract with us, which includes NKBA’s By-laws, Standards of Conduct and the Site’s Terms of Use. If we do not process your Personal Data then we will not be able to fulfill our obligations to you as a member of NKBA.

It is necessary for the performance of your contract for the purchase of products from the NKBA store; if we do not process your personal data we cannot process your purchase and ship the products to you.

Legitimate interest

Processing your Personal Data is also legal if it is based on our ‘legitimate interests’; for example, we analyze Members’ behavior on our Site to adapt the Site to ensure that we are providing information that is relevant for our Membership and we may send you marketing information about our products and services. To do so, we have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that we do not intentionally intrude on your privacy more than necessary.

Manifestly public personal data

The data has been manifestly made public, for example, special categories of personal data that you place on the publicly accessible page.

Legal claims

We are establishing or defending a legal claim.

How We Keep Your Data Secure

We use technical and organizational measures to safeguard your Personal Data. For example, we use secure connections on our website when you register as a new Member or buy anything from our NKBA store and provide your Contact Information. This means that we convert your data into data that makes it harder for hackers to access your Personal Data on our Site (excluding the Personal Data you include in your Public Profile Information).

While we endeavor to use reasonable physical, organizational, technical and administrative procedures to safeguard your Personal Data, no data transmission or storage system can be guaranteed to be perfectly secure. For at least this reason, we cannot guarantee the security or integrity of any Personal Data that is transferred from you or to you via the internet. If you have any particular concerns about your information or have reason to believe that your interaction with us is no longer secure, please contact us.

Who Will Have Access To Your Personal Data?

We may disclose your personal data to NKBA’s service providers for the purpose of obtaining their assistance with the Site and managing Member-related data. Key service providers who may access your Personal Data are:

Amazon Web Services (“AWS”): AWS hosts the Site and provides us with certain technical support services; and

Intercom and Mixpanel provide data analysis services to us to help us tailor the Site for our Site Visitors and Members and provide relevant messaging and marketing to our Site Visitors and Members.

The above service providers are data processors which means they process Your Personal Data on our documented instructions only.

We also share your Personal Data with Shopify who process your payment information when you buy something from the NKBA store. We pass your name, address and payment card information to them. They are a data controller of your Personal Data in their own right as a payment process provider. Please see their web site at https://www.shopify.com/legal/privacy for a copy of their privacy notice.

The NKBA is based in and your Personal Data is primarily stored in the United States. As such, and to the extent it is lawful, your Personal Data may be disclosed to or accessible by United States federal or state law enforcement.

The NKBA may aggregate and/or anonymize the Personal Data it collects and provide the aggregated and/or anonymized data to third parties for analytic or marketing purposes.

Transfers of your information out of the EEA

As NKBA’s primary servers are located in the United States, your Personal Data will be transferred to the United States or another country located outside the European Economic Area, for the purposes described in this Privacy Policy. This transfer is necessary in order for us to manage membership in the NKBA.

Notice To European Union Residents

Definitions

NKBA is a “Data Controller” for the purposes of the General Data Protection Regulation (GDPR) 2016/679 (“EU Data Protection Laws”).

A “data controller” means any person who determines the purposes for which, and the manner in which, any personal data are processed.

A “data processor” means any person who processes data on behalf of the data controller.

“Information Commissioner” means the UK Information Commissioner who is responsible for implementing, overseeing and enforcing the EU Data Protection Laws.

If you are a data subject for the purposes of the EU Data Protection Law you have the following rights under that law.

The right of access to Personal Data relating to you

The right to correct any mistakes in your Personal Data

If technically feasible, the right to have a copy of your Personal Data ported to you

The right to ask us to stop contacting you with direct marketing

Rights in relation to automated decision making

The right to restrict or prevent your Personal Data being processed

If technically feasible, the right to have your Personal Data ported to another Data Controller (e.g. if you decide to contract with a different organization)

The right to erasure

The right to withdraw consent

These rights are explained in more detail below, but if you have any comments, concerns or complaints about our use of your personal data, please contact info@nkba.org. We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex, in which case we will respond within three months. Please note that exceptions apply to some of these rights which we will apply in accordance with the law.

Right to access personal data relating to you

You may ask to see what Personal Data we hold about you and be provided with:

A copy;

Details of the purpose for which it is being or is to be processed;

Details of the recipients or classes of recipients to whom it is or may be disclosed, including if they are overseas and what protections are used for those overseas transfers;

The period for which it is held (or the criteria we use to determine how long it is held);

Any information available about the source of that data; and

Whether we carry out any automated decision-making or profiling and, where we do, information about the logic involved and the envisaged outcome or consequences of that decision or profiling.

Requests for your Personal Data must be made to NKBA via GDPR form in writing and a copy will be retained on your file. If and to the extent the Site provides such functionality, you may also be able to obtain a copy of your information via such functionality.

To help us find the information easily, please give us as much information as possible about the type of information you would like to see.

If, to comply with your request, we would have to disclose information relating to or identifying another person, we may need to obtain the consent of that person if possible. If we cannot obtain consent, we may need to withhold that information or edit the data to remove the identity of that person if possible.

There are certain types of Personal Data which we are not obliged to disclose to you, which include personal data which records our intentions in relation to any negotiations with you where disclosure would be likely to prejudice those negotiations.

Right to correct mistakes in your information

You can require us to correct, free of charge, any mistakes in your Personal Data which we hold. If you would like us to do this, please:

Email, call or write to us as described in the section below regarding “How can you contact us?”

Let us have enough information to identify you, such as the email you provided if and when you registered as a Member, and

Let us know the information that is incorrect and what it should be replaced with.

If you are a Member, you may also be able to correct the mistake by logging into the Site and navigating to the page that lists your Contact Information or Public Profile Information. If the information is not correctable via the Site, you may correct it as described above.

Right to ask us to stop contacting you with direct marketing

You can ask us to stop contacting you for direct marketing purposes. If you would like to do this, please see the section on “Right to withdraw consent”.

Rights in relation to automated decision taking/making

We do not currently carry out any automated decision making.

Right to prevent processing of personal data.

You may request that we stop processing your Personal Data temporarily if:

You do not think that your data is accurate. We will start processing again once we have checked whether or not it is accurate;

The processing is unlawful but you do not want us to erase your data;

We no longer need the Personal Data for our processing, but you need the data to establish, exercise or defend legal claims; or

You have objected to Processing because you believe that your interests should override our legitimate interests.

Right to erasure

You can ask us to erase your Personal Data where:

You do not believe that we need your data for the purposes set out in this Privacy Notice;

You have given us consent to process your data, you have withdrawn that consent and we cannot otherwise legally process your data;

You object to our processing and we do not have any legitimate interests that mean we can continue to process your data; or

Your data has been processed unlawfully or has not been erased when it should have been.

Copies of your personal data (Data portability)

You may ask for an electronic copy of your personal data which we hold electronically and which we process when we have entered into a contract with you. You can also ask us to provide this directly to another party.

Right to withdraw consent

You have the right to withdraw consent you have given us at any point. This is a vital and necessary aspect of consent, and we are aware that you may wish to withdraw consent at any time. The following table lists the various ways in which you may withdraw your consent.

Depending on the applicable jurisdiction, you may be entitled to compensation for damage in the event your right of privacy is breached. By way of example, if you are a resident of the EU, you may be entitled to compensation for damage caused by contravention of the Data Protection Laws.

Complaints to the regulator

It is important you read this Privacy Notice – and if you do not think that we have processed your data in accordance with this notice – you should let us know as soon as possible. Similarly, if you are a resident of the European Union you may complain to the Information Commissioner’s Office, in which case information about how to do this is available on the website at www.ico.org.uk.

Notice to California Residents

Under California law, California residents may request a list of all third parties to which we have disclosed certain personal information (as defined by California law) during the preceding year for those third parties’ direct marketing purposes. If you are a California resident and would like to receive such a list, please contact us at the mailing address listed in the “Contact” section of the Site. For any such request, include the statement “California Privacy Rights” in the body of your request, as well as your name, street address, city, state, and zip code. Please provide enough information for us to determine if this applies to you. You must also attest to the fact that you are a California resident and provide a current California address for our response. Please note that we will not accept requests via the telephone, email, or by facsimile, and we are not responsible for notices that are not labeled or sent properly or that do not have complete information.

Notice to Canadian Residents

In certain Canadian jurisdictions you may have the right to request access to any of your personal information that we hold about you. You may withdraw consent to our further use of your personal information subject to legal and contractual restrictions at any time. To enquire about your right to request access or to withdraw consent please contact NKBA’s privacy officer at privacy@NKBA.org.